SQL injection is a type of injection attack.
Injection attacks occur when maliciously crafted inputs are submitted
by an attacker, causing an application to perform an unintended action.
Because of the ubiquity of SQL databases,
SQL injection is one of the most common types of attack on the internet.

If you only have time to protect yourself against one
vulnerability, you should be checking for SQL injection vulnerabilities
in your codebase!

Risks

Prevalence

Occasional

Exploitability

Easy

Impact

Devastating

What’s the worst thing that could happen when you suffer a SQL injection
attack?

Our example hack showed you how to bypass
the login page: a huge security flaw for a banking site. More complex attacks
will allow an attacker to run arbitrary statements on the database. In the past,
hackers have used injection attacks to: